This direct, short sentence in an email, often outside of business hours, can be all that it takes for a criminal to start an email conversation with campus staff members. They are led down a road with the end goal of unknowingly handing over sensitive or confidential information, or persuading them to do something they normally wouldn’t.
Over the past year, the popularity of this scam has increased throughout the nation, and UA Little Rock has not been spared. In this targeted attack, criminals create fake email addresses that look like they’re coming from a campus user, often in a leadership position. They often take a form like Mike.Trout.UALR.firstname.lastname@example.org. The messages are often short and personalized, and create a sense of urgency. They also often include the correct signature of the individuals they’re impersonating. Unsuspecting users receive these messages, and because email clients typically do not display the actual sender’s email address — only the name — it is difficult to spot. This approach preys on our desire to be helpful.
Stop. Think. Connect.
When confronted with an email, a phone call, or even a person that is asking, inquiring, or requesting you to do something that doesn’t seem right, and there’s an unnecessary sense of urgency, STOP.
Don’t proceed. Emails can wait and messages can be taken for phone calls or visits.
Would your boss or someone in a leadership position really need you to provide them the company credit card via email? Would someone really contact you on behalf of a user, vendor, or company and request that you update their bank account information?
Don’t do anything without connecting and verifying with the individual who appears to be asking something of you. Don’t assume the email that you received is legitimate, even if it does come from the user. Call using verified campus information or visit the staff member in person. Don’t assume the information provided to you is accurate. Double check significant changes.
- If the message turns out to be fake, use the Report Spam or Report Phishing buttons in the warning message to let Google know it should treat that message as malicious.
Finally, ask. IT Services is more than happy to provide training on IT security for staff, faculty, and students. IT Services is more than willing to ensure that everyone is informed of the current and constantly changing scams that are going on. With everyone’s vigilance, we can be better prepared for situations such as these and ward off the various scams taking place on the internet today.
If you have current processes that you would like to have someone review, or if you would like to have someone briefly speak to your department, please contact Veysel Erdag.